Overview Repositories Revisions Requests Users Attributes Meta

Revisions of firewalld

Callum Farmer's avatar Callum Farmer (gmbr3) accepted request 986625 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 125) 
- Update to 1.2.0:
  * feat(firewalld): add new --log-target parameter
  * feat(service): add snmptls, snmptls-trap services
  * feat(service): add IPFS service
  * feat(fw): startup failsafe
  * feat(service): Add kubelet-readonly
  * feat(service): Add secure version of k8s controller-plane components
  * feat(bash): completion of policy-related commands
  * feat(service): add prometheus node-exporter
  * feat(service): add Kodi JSON-RPC and EventServer services
Callum Farmer's avatar Callum Farmer (gmbr3) accepted request 984147 from Stefan Schubert's avatar Stefan Schubert (schubi2) (revision 124) 
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.
Callum Farmer's avatar Callum Farmer (gmbr3) accepted request 966067 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 123) 
- Update to 1.1.1:
  * fix(build): oci: use centos:stream8 instead of ubi:8
  * fix(functions): --check-config fails if direct.xml exists
  * fix(build): oci: use dbus inside the container
  * docs(README): add note about container host integration
  * docs: typo fixes
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 962711 from Witek Bedyk's avatar Witek Bedyk (witekbedyk) (revision 122) 
- Provide dummy firewalld-prometheus-config package (bsc#1197042)

This is to prevent file conflicts between Firewalld and Prometheus packages in case Prometheus package is built on a different system than the target one (as it is the case for SUSE Manager).
Callum Farmer's avatar Callum Farmer (gmbr3) accepted request 960050 from Martin Wilck's avatar Martin Wilck (mwilck) (revision 121) 
- Add code for safe modprobe.d migration
  (https://en.opensuse.org/openSUSE:Packaging_UsrEtc)
- Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)
Callum Farmer's avatar Callum Farmer (gmbr3) accepted request 959442 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 120) 
- Fix modprobe.d directory for SLE15 SP3
- Cleanup dependencies:
  - ipset, ebtables and iptables are purely optional and deprecated, 
    so don't require them
  - sysconfig is not needed at all
  - Don't hard require systemd, we don't have and need that in containers
Callum Farmer's avatar Callum Farmer (gmbr3) accepted request 957778 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 119) 
- Update to 1.1.0:
  * feat(service): Add jellyfin service
  * feat(policy): support OUTPUT forward ports
  * feat: config check improvements
  * feat(service): add http3
  * feat(service): add service definition for WS-Discovery Client
  * feat(service): add service definition for WS-Discovery
  * feat(service): add service definition for AFP
  * feat(rich): Support nflog target and add log attribute
    errors/checks
  * feat(service): add ZeroTier service
Callum Farmer's avatar Callum Farmer (gmbr3) accepted request 946415 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 118) 
- Update to 1.0.3:
  * fix(io): _check_config() expects a dict
  * feat(build): distribute an OCI container image
  * fix(ipset): reduce cost of entry overlap detection
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 932169 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 117) 
- Update to 1.0.2:
  * fix(firewalld): check capng_apply() return code
  * fix(nftables): do not log icmp block if inversion
  * fix(nftables): rich: source address with netmask
  * fix(fw_config): zone: on rename remove then add
  * fix(io/functions): check_config against on disk conf
  * fix(zone): detect same source/interface in zones
  * docs(policy): fix typos
  * docs(policies): fix typos
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 921449 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 116) 
- Update to 1.0.1:
  * keep linux capability CAP_SYS_MODULE
  * UPnP Client: actually allow SSDP traffic
  * Fix RPM macros to test if firewall-cmd is executable
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 910605 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 115) 
- Update to 1.0.0:
  * Reduced dependencies
  * Intra-zone forwarding by default
  * NAT rules moved to inet family (reduced rule set)
  * Default target is now similar to reject
  * ICMP blocks and block inversion only apply to input,
    not forward
  * tftp-client service has been removed
  * iptables backend is deprecated
  * Direct interface is deprecated
  * CleanupModulesOnExit defaults to no
    (kernel modules not unloaded)
- Add new firewalld-test package
- Move bash and zsh completions to more useful separate packages
- Clean spec file
- Move modprobe.d and autostart files out of /etc
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 883554 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 114) 
- Remove dependency on firewalld from firewall-macros (bsc#1183404)
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 873148 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 113) 
Preserve the reference to jsc#SLE-12281 in the old update to 0.7.5
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 866984 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 112) 
- Update to 0.9.3 (jsc#SLE-17336):
  nftables (jsc#SLE-16300):
  (rhbz#1817022, jsc#SLE-16300)
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 866974 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 111) 
- Update to 0.9.3 (SLE-17336):
  nftables (SLE-16300):
  (rhbz#1817022, SLE-16300)
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 866966 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 110) 
- Disable FlushAllOnReload option to not retain interface to zone
  assignments and direct rules when using --reload option.
  * 0002-Disable-FlushAllOnReload-option.patch
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 866564 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 109) 
- Update to 0.9.3:
  * docs(dbus): fix invalid method names
  * fix(forward): iptables: ipset used as zone source
  * fix(rich): non-printable characters removed from rich rules
  * docs(firewall-cmd): small description grammar fix
  * fix(rich): limit table to strip non-printables to C0 and C1
  * fix(zone): add source with mac address
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 863051 from Robert Frohl's avatar Robert Frohl (rfrohl) (revision 108) 
add missing dependency for firewall-offline-cmd
Michał Rostecki's avatar Michał Rostecki (mrostecki) accepted request 847325 from Michał Rostecki's avatar Michał Rostecki (mrostecki) (revision 107) 
- Remove the patch which enforces usage of iptables instead of
  nftables:
  * 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Add firewalld zone for the docker0 interface. This is the
  workaround for lack of nftables support in docker. Without that
  additional zone, containers have no Internet connectivity.
  (rhbz#1817022)
- Update to 0.9.1:
  * Bugfixes:
    * docs(firewall-cmd): clarify lockdown whitelist command paths
    * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active
    * fix(policy): zone interface/source changes should affect all using zone
Robert Frohl's avatar Robert Frohl (rfrohl) accepted request 835127 from Franck Bui's avatar Franck Bui (fbui) (revision 106) 
- Make use of %service_del_postun_without_restart
  And stop using DISABLE_RESTART_ON_UPDATE as this interface is
  obsolete.
Displaying revisions 41 - 60 of 165
openSUSE Build Service is sponsored by
Places